Lucene search

[email protected]NVD:CVE-2013-1090

HistoryDec 06, 2013 - 5:55 p.m.

CVE-2013-1090

2013-12-0617:55:04

CWE-264

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.7%

JSON

The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors.

Affected configurations

NVD

Node

opensuseopensuseMatch12.3

References

lists.opensuse.org/opensuse-updates/2013-12/msg00025.html

bugzilla.novell.com/show_bug.cgi?id=811369

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for NVD:CVE-2013-1090

cve1 prion1 cvelist1 nessus1 debiancve1